FirebaseAuth

abstract class FirebaseAuth : InternalAuthProvider


The entry point of the Firebase Authentication SDK.

First, obtain an instance of this class by calling getInstance.

Then, sign up or sign in a user with one of the following methods:

Finally, call getCurrentUser to get a FirebaseUser object, which contains information about the signed-in user.

Summary

Nested types

Listener called when there is a change in the authentication state.

Listener called when the id token is changed.

Public functions

Unit

Registers a listener to changes in the user authentication state.

Unit

Registers a listener to changes in the token authentication state.

Task<Void!>

Applies the given code, which can be any out of band code which is valid according to checkActionCode that does not also pass verifyPasswordResetCode, which requires an additional parameter.

Task<ActionCodeResult!>

Checks that the code given is valid.

Task<Void!>
confirmPasswordReset(code: String, newPassword: String)

Changes the user's password to newPassword for the account for which the code is valid.

Task<AuthResult!>

Tries to create a new user account with the given email address and password.

Task<SignInMethodQueryResult!>

This function is deprecated.

Migrating off of this method is recommended as a security best-practice.

FirebaseApp

Returns the FirebaseApp instance to which this FirebaseAuth belongs.

FirebaseAuthSettings

Returns the FirebaseAuthSettings instance for this FirebaseAuth instance.

java-static FirebaseAuth

Returns an instance of this class corresponding to the default FirebaseApp instance.

java-static FirebaseAuth

Returns an instance of this class corresponding to the given FirebaseApp instance.

Task<AuthResult!>?

Returns a Task wrapping an AuthResult.

Task<Void!>

Initializes the reCAPTCHA Enterprise client proactively to enhance reCAPTCHA signal collection and to complete reCAPTCHA-protected flows in a single attempt.

Boolean

Determines if the given link is a link intended for use with getCredentialWithLink.

Unit

Unregisters a listener to authentication changes.

Unit

Unregisters a listener to authentication changes.

Task<Void!>
revokeAccessToken(accessToken: String)

Revokes the provided accessToken.

Task<Void!>

Calls sendPasswordResetEmail without any ActionCodeSettings.

Task<Void!>
sendPasswordResetEmail(
    email: String,
    actionCodeSettings: ActionCodeSettings?
)

Triggers the Firebase Authentication backend to send a password-reset email to the given email address, which must correspond to an existing user of your app.

Task<Void!>
sendSignInLinkToEmail(
    email: String,
    actionCodeSettings: ActionCodeSettings
)

Sends an email to the specified email which will contain a link to be used to sign in the user.

Task<Void!>
setFirebaseUIVersion(firebaseUIVersion: String?)

For internal use in FirebaseUI only.

Task<AuthResult!>

Signs in the user anonymously without requiring any credential.

Task<AuthResult!>

Tries to sign in a user with the given AuthCredential.

Task<AuthResult!>

Tries to sign in a user with a given Custom Token.

Task<AuthResult!>

Tries to sign in a user with the given email address and password.

Task<AuthResult!>

Tries to sign in a user with the given email address and link.

Unit

Signs out the current user and clears it from the disk cache.

Task<AuthResult!>
startActivityForSignInWithProvider(
    activity: Activity,
    federatedAuthProvider: FederatedAuthProvider
)

Signs in the user using the mobile browser (either a Custom Chrome Tab or the device's default browser) for the given provider.

Task<Void!>

Sets the current user to a copy of the given user, but associated with this 's FirebaseApp.

Unit

Sets the user-facing language code to be the default app language.

Unit
useEmulator(host: String, port: Int)

Modifies this FirebaseAuth instance to communicate with the Firebase Authentication emulator.

Task<String!>

Checks that the code is a valid password reset out of band code.

Public functions

addAuthStateListener

fun addAuthStateListener(listener: FirebaseAuth.AuthStateListener): Unit

Registers a listener to changes in the user authentication state. There can be more than one listener registered at the same time for one or more FirebaseAuth instances.

The listeners call back in the UI thread, on the following events:

  • Right after the listener has been registered
  • When a user signs in
  • When the current user signs out
  • When the current user changes

It is a recommended practice to always listen to sign-out events, as you may want to prompt the user to sign in again and maybe restrict the information or actions they have access to.

Use removeAuthStateListener to unregister a listener.

See addIdTokenListener if you want to listen to token refreshes.

See Also: AuthStateListener

addIdTokenListener

fun addIdTokenListener(listener: FirebaseAuth.IdTokenListener): Unit

Registers a listener to changes in the token authentication state. There can be more than one listener registered at the same time for one or more FirebaseAuth instances.

The listeners call back in the UI thread, on the following events:

  • Right after the listener has been registered
  • When a user signs in
  • When the current user signs out
  • When the current user changes
  • When there is a change in the current user's token

It is a recommended practice to always listen to sign-out events, as you may want to prompt the user to sign in again and maybe restrict the information or actions they have access to.

Use removeIdTokenListener to unregister a listener.

See addAuthStateListener if you do not want to listen to token refreshes.

See Also: IdTokenListener

applyActionCode

fun applyActionCode(code: String): Task<Void!>

Applies the given code, which can be any out of band code which is valid according to checkActionCode that does not also pass verifyPasswordResetCode, which requires an additional parameter.

checkActionCode

fun checkActionCode(code: String): Task<ActionCodeResult!>

Checks that the code given is valid. This code will have been generated by sendPasswordResetEmail or sendEmailVerification valid for a single use.

Returns
Task<ActionCodeResult!>

Task which you can use to see the result via the ActionCodeResult, which holds the user email for which that ActionCode is valid, as well as the which is being performed.

confirmPasswordReset

fun confirmPasswordReset(code: String, newPassword: String): Task<Void!>

Changes the user's password to newPassword for the account for which the code is valid. Code validity can be checked with verifyPasswordResetCode. This use case is only valid for signed-out users, and behavior is undefined for signed-in users. Password changes for signed-in users should be made using updatePassword.

Exceptions

See Also:

createUserWithEmailAndPassword

fun createUserWithEmailAndPassword(email: String, password: String): Task<AuthResult!>

Tries to create a new user account with the given email address and password. If successful, it also signs the user in into the app.

Access the signed-in user with getCurrentUser.

Upon successful completion, this operation triggers an onIdTokenChanged event in all registered s and an onAuthStateChanged event in all registered AuthStateListeners.

Important: you must enable Email &Password accounts in the Firebase console before you can use this method.

Exceptions

See Also:

Returns
Task<AuthResult!>

Task of AuthResult with the result of the operation

fetchSignInMethodsForEmail

fun fetchSignInMethodsForEmail(email: String): Task<SignInMethodQueryResult!>

Returns a list of signin methods that can be used to sign in a given user (identified by its main email address). This will match the getSignInMethod for the credential you would generate for the appropriate signin mechanism.

This method is useful when you support multiple authentication mechanisms if you want to implement an email-first authentication flow. It is also useful to resolve a thrown on signInWithCredential.

Exceptions
Parameters
email: String

the email address that identifies the user to fetch the providers from

Returns
Task<SignInMethodQueryResult!>

Task of SignInMethodQueryResult with the result of the operation. An empty list is returned when Email Enumeration Protection is enabled, irrespective of the number of authentication methods available for the given email.

getApp

fun getApp(): FirebaseApp

Returns the FirebaseApp instance to which this FirebaseAuth belongs.

getFirebaseAuthSettings

fun getFirebaseAuthSettings(): FirebaseAuthSettings

Returns the FirebaseAuthSettings instance for this FirebaseAuth instance.

getInstance

@Keep
java-static fun getInstance(): FirebaseAuth

Returns an instance of this class corresponding to the default FirebaseApp instance.

Note: Firebase Authentication does not currently support Android Direct Boot.

For Applications that use Direct Boot, check if android.content.Context.isDeviceProtectedStorage is false before you call FirebaseAuth.getInstance().

getInstance

@Keep
java-static fun getInstance(firebaseApp: FirebaseApp): FirebaseAuth

Returns an instance of this class corresponding to the given FirebaseApp instance.

Note: Firebase Authentication does not currently support Android Direct Boot.

For Applications that use Direct Boot, check if android.content.Context.isDeviceProtectedStorage is false before you call FirebaseAuth.getInstance(firebaseApp).

getPendingAuthResult

fun getPendingAuthResult(): Task<AuthResult!>?

Returns a Task wrapping an AuthResult. This will return a non-null value if your app launches a web sign-in flow and the OS cleans up your hosting Activity while in the background (likely due to a low-memory event). The returned result is the value that startActivityForSignInWithProvider would have returned, which includes any Exceptions thrown. Otherwise, returns null.

This method will only return a non-null result for a sign-in once. A non-null value will only be present for suitably recent sign-ins to help prevent false positive sign-ins.

initializeRecaptchaConfig

fun initializeRecaptchaConfig(): Task<Void!>

Initializes the reCAPTCHA Enterprise client proactively to enhance reCAPTCHA signal collection and to complete reCAPTCHA-protected flows in a single attempt.

Exceptions
  • FirebaseAuthException thrown on initialization failures. Common reasons are:
    • running on an unsupported API version (< 19, KITKAT).
    • the reCAPTCHA config fetch API call failed.
    • network errors causing other API call/download failures.
Returns
Task<Void!>

Task indicating if initialization was successful.

isSignInWithEmailLink

fun isSignInWithEmailLink(link: String): Boolean

Determines if the given link is a link intended for use with getCredentialWithLink. These links are generated by sendSignInLinkToEmail.

removeAuthStateListener

fun removeAuthStateListener(listener: FirebaseAuth.AuthStateListener): Unit

Unregisters a listener to authentication changes.

See Also: AuthStateListener

removeIdTokenListener

fun removeIdTokenListener(listener: FirebaseAuth.IdTokenListener): Unit

Unregisters a listener to authentication changes.

See Also: IdTokenListener

revokeAccessToken

fun revokeAccessToken(accessToken: String): Task<Void!>

Revokes the provided accessToken. Currently supports revoking Apple-issued accessToken only.

sendPasswordResetEmail

fun sendPasswordResetEmail(email: String): Task<Void!>

Calls sendPasswordResetEmail without any ActionCodeSettings.

sendPasswordResetEmail

fun sendPasswordResetEmail(
    email: String,
    actionCodeSettings: ActionCodeSettings?
): Task<Void!>

Triggers the Firebase Authentication backend to send a password-reset email to the given email address, which must correspond to an existing user of your app. Takes in an which allows linking back to your app from the sent email.

Exceptions
Parameters
email: String

the email of the account to which you wish to issue an account reset email

actionCodeSettings: ActionCodeSettings?

the settings used to allow your app to handle the link sent in the email on iOS, web, and Android.

Returns
Task<Void!>

Task to track completion of the sending operation

sendSignInLinkToEmail

fun sendSignInLinkToEmail(
    email: String,
    actionCodeSettings: ActionCodeSettings
): Task<Void!>

Sends an email to the specified email which will contain a link to be used to sign in the user.

Throws
java.lang.IllegalArgumentException

when given an ActionCodeSettings that does not have canHandleCodeInApp set to true.

See also getCredentialWithLink

setFirebaseUIVersion

fun setFirebaseUIVersion(firebaseUIVersion: String?): Task<Void!>

For internal use in FirebaseUI only.

signInAnonymously

fun signInAnonymously(): Task<AuthResult!>

Signs in the user anonymously without requiring any credential.

This method creates a new account in your Firebase Authentication system, except in the case where there was already an anonymous user signed in into this app. Access the signed-in user with getCurrentUser.

Upon successful completion, this operation triggers an onIdTokenChanged event in all registered s and an onAuthStateChanged event in all registered AuthStateListeners.

Anonymous users do not require any credential, and are useful in situations where you want to persist information about your users before asking them to sign in. For example, they may be useful when implementing a signed-out shopping cart in an e-commerce application.

Due to the unauthenticated nature of this kind of user, they are not transferrable across devices. In order to allow your app's users to keep their information, ask them to provide some other authentication credentials, and link them to the current user with linkWithCredential.

Important: you must enable Anonymous accounts in the Firebase console before being able to use them.

Returns
Task<AuthResult!>

Task of AuthResult with the result of the operation

signInWithCredential

fun signInWithCredential(credential: AuthCredential): Task<AuthResult!>

Tries to sign in a user with the given AuthCredential.

Use this method to sign in a user into your Firebase Authentication system. First retrieve the credential either directly from the user, in case of EmailAuthCredential, or from a supported authentication SDK, such as Google Sign-In or Facebook. Later access the signed-in user with getCurrentUser.

For all AuthCredential types except EmailAuthCredential, this method will create an account for the user in the case that it didn't exist before.

Important: you must configure the authentication providers in the Firebase console before you can use them.

Exceptions
  • FirebaseAuthInvalidUserException thrown if the user account you are trying to sign in to has been disabled. Also thrown if credential is an EmailAuthCredential with an email address that does not correspond to an existing user.
  • FirebaseAuthInvalidCredentialsException thrown if the credential is malformed or has expired. If credential instanceof EmailAuthCredential it will be thrown if the password is incorrect.
  • FirebaseAuthUserCollisionException thrown if there already exists an account with the email address asserted by the credential. Resolve this case by calling fetchSignInMethodsForEmail and then asking the user to sign in using one of them.

See Also:

Returns
Task<AuthResult!>

Task of AuthResult with the result of the operation

signInWithCustomToken

fun signInWithCustomToken(token: String): Task<AuthResult!>

Tries to sign in a user with a given Custom Token.

Use this method after you retrieve a Firebase Auth Custom Token from your server, to sign in a user into your Firebase Authentication system. Access the signed-in user with getCurrentUser.

Upon successful completion, this operation triggers an onIdTokenChanged event in all registered s and an onAuthStateChanged event in all registered AuthStateListeners.

This operation might create an account if the uid specified in the token corresponds to a user without a record in the system.

Read how to use Custom Token authentication and the cases where it is useful in the guides.

Exceptions
Returns
Task<AuthResult!>

Task of AuthResult with the result of the operation

signInWithEmailAndPassword

fun signInWithEmailAndPassword(email: String, password: String): Task<AuthResult!>

Tries to sign in a user with the given email address and password.

Access the signed-in user with getCurrentUser.

Upon successful completion, this operation triggers an onIdTokenChanged event in all registered s and an onAuthStateChanged event in all registered AuthStateListeners.

This is equivalent to calling signInWithCredential with an generated by getCredential.

Important: you must enable Email &Password accounts in the Firebase console before being able to use this method.

Exceptions

See also:

Returns
Task<AuthResult!>

Task of AuthResult with the result of the operation

signInWithEmailLink

fun signInWithEmailLink(email: String, link: String): Task<AuthResult!>

Tries to sign in a user with the given email address and link. This link should be generated by sendSignInLinkToEmail.

Access the signed-in user with getCurrentUser.

Upon successful completion, this operation triggers an onIdTokenChanged event in all registered s and an onAuthStateChanged event in all registered AuthStateListeners.

This is equivalent to calling signInWithCredential with an generated by getCredentialWithLink.

Important: you must enable Passwordless sign-in in the Firebase console before being able to use this method.

Exceptions

See also:

Returns
Task<AuthResult!>

Task of AuthResult with the result of the operation

signOut

fun signOut(): Unit

Signs out the current user and clears it from the disk cache.

Upon successful completion, this operation triggers an onIdTokenChanged event in all registered s and an onAuthStateChanged event in all registered AuthStateListeners.

startActivityForSignInWithProvider

fun startActivityForSignInWithProvider(
    activity: Activity,
    federatedAuthProvider: FederatedAuthProvider
): Task<AuthResult!>

Signs in the user using the mobile browser (either a Custom Chrome Tab or the device's default browser) for the given provider.

Note: this call has a UI associated with it, unlike the majority of calls in FirebaseAuth.

Exceptions
Parameters
activity: Activity

the current Activity from which you intend to launch this flow.

federatedAuthProvider: FederatedAuthProvider

an FederatedAuthProvider configured with information about how you intend the user to sign in.

Returns
Task<AuthResult!>

a Task with a reference to an AuthResult with user information upon success

updateCurrentUser

fun updateCurrentUser(user: FirebaseUser): Task<Void!>

Sets the current user to a copy of the given user, but associated with this 's FirebaseApp. If the given user isn't for this project, then a will be returned via the Task.

useAppLanguage

fun useAppLanguage(): Unit

Sets the user-facing language code to be the default app language.

useEmulator

fun useEmulator(host: String, port: Int): Unit

Modifies this FirebaseAuth instance to communicate with the Firebase Authentication emulator.

Note: this must be called before this instance has been used to do any operations.

Parameters
host: String

the emulator host (e.g. 10.0.2.2)

port: Int

the emulator port (e.g. 8080)

verifyPasswordResetCode

fun verifyPasswordResetCode(code: String): Task<String!>

Checks that the code is a valid password reset out of band code. This code will have been generated by a call to sendPasswordResetEmail, and is valid for a single use.

Returns
Task<String!>

Task which holds the email for which this code is applicable.

Public properties

currentUser

val currentUserFirebaseUser?

customAuthDomain

var customAuthDomainString!

languageCode

var languageCodeString!

tenantId

var tenantIdString!